Malware risk on Android devices growing, report says

The rise of smartphones and accompanying increase in malware continues to accelerate, according to a report released Tuesday by San Francisco start-up Lookout Mobile Security.

Owners of phones that run on Google’s Android operating system are two and a half times more likely to encounter malware than they were just six months ago, according to the report. A Lookout survey of app stores and download sites found that in the first half of the year, the number of unique apps containing malware rose from 80 to 400: an increase of 500 percent.

The company describes a few new ways that malware distributors are gaining access to users’ phones.

– Malicious advertising. Banner ads promoting nonexistent services encourage users to click through — and once they do, malware installs installs in the background. In June, Lookout discovered GGTracker, which signed users up for a $10-a-month premium texting service without their consent. It was promoted using phony ads.

– Re-packaging malware into other apps. Some malware distributors are taking legitimate apps and stuffing them with malware, then re-posting them on app stores and other download sites. Lookout’s report also said it identified its first-ever “update attack,” in which malware distributors first published a totally legitimate application and then updated it with malware later.

“As mobile devices grow in popularity, so do the incentives for attackers,” said Kevin Mahaffey, co-founder of Lookout, in the report. “We’ve seen the prevalence and the level of sophistication of mobile malware attacks evolve significantly in the first six months of 2011. We expect this trend to continue as more and more people adopt mobile devices.”

Of course, security companies always say this — according to the Symantec and McAfees of the world, every day on the Internet is the least secure day ever in history — and pointing this out is in their self interest. (Lookout makes anti-virus software for smartphones, in both free and paid versions.) But these companies have data on their side, and as the mobile market grows into the billions, users would do well to keep themselves apprised of the threats.